Can anybody explain me why Opera and IE still allows reading of iframe with file:// src from the html of same protocol (whereas Firefox and Chrome forbids it)? Cause if user saves the page with such iframe locally and opens it, JS can read its innerHTML and send it anywhere.

P.S. Curious: local open of html file with <iframe src="file:///C:\WINDOWS\NOTEPAD.EXE"> in Safari Win leads to executing explorer.exe with C:\WINDOWS location. lol